Sid3^effects aKa HaRi

72 exploits Active since May 2010
CVE-2010-2355 EXPLOITDB WRITEUP
Pilot Group eLMS Pro - Cross-Site Scripting via Error Page Message Parameter
Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2911 EXPLOITDB text WRITEUP
Kayako eSupport <3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
CVE-2010-5010 EXPLOITDB text WRITEUP
SchoolMation 2.3 - Cross-Site Scripting via Session Parameter
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
CVE-2010-5018 EXPLOITDB text WRITEUP
2daybiz Online Classified Script - XSS
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2010-2697 EXPLOITDB text WRITEUP
Sijio Community Software - Authenticated Stored Cross-Site Scripting via Blog Title Parameter
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-2696 EXPLOITDB text WRITEUP
Sijio Community Software - SQL Injection
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVE-2010-2354 EXPLOITDB text WRITEUP
Pilot Group eLMS Pro - SQL Injection via subscribe.php course_id Parameter
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
CVE-2010-2439 EXPLOITDB python WORKING POC
MoreAmp - Stack-based Buffer Overflow via Long Line in Song List File
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
EIP-2026-112463 EXPLOITDB text WRITEUP
Subrion Auto Classifieds - Persistent Cross-Site Scripting
EIP-2026-111683 EXPLOITDB text WRITEUP
Rayzz Photoz - Arbitrary File Upload
CVE-2010-5011 EXPLOITDB text WRITEUP
SchoolMation 2.3 - SQL Injection via Studentmain Session Parameter
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
CVE-2010-2698 EXPLOITDB text WRITEUP
Sijio Community Software - Authenticated Cross-Site Scripting via Title Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-110927 EXPLOITDB text WRITEUP
PHPAuctionSystem - Arbitrary File Upload
EIP-2026-110572 EXPLOITDB text WRITEUP
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)
EIP-2026-109868 EXPLOITDB text WRITEUP
Netartmedia iBoutique.MALL - SQL Injection
CVE-2010-4719 EXPLOITDB text WRITEUP
com_jradio < 1.5.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2010-2912 EXPLOITDB text WRITEUP
Kayako eSupport 3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
CVE-2010-4975 EXPLOITDB text WRITEUP
Techjoomla com_socialads - SQL Injection via Ads Description Field
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php.
CVE-2010-4991 EXPLOITDB text WRITEUP
ninjaforge ninjamonials - SQL Injection via Itemid Parameter
SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to index.php.
CVE-2010-4995 EXPLOITDB text WRITEUP
NeoRecruit 1.6.4 - SQL Injection via Itemid Parameter
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.
CVE-2010-4992 EXPLOITDB text WRITEUP
Payments Plus 2.1.5 - SQL Injection
SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.
CVE-2010-2857 EXPLOITDB text WRITEUP
com_music - Path Traversal via Album CID Parameter
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
EIP-2026-108787 EXPLOITDB text WRITEUP
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
EIP-2026-108806 EXPLOITDB text WRITEUP
Joomla! Component MyHome - Blind SQL Injection
EIP-2026-108840 EXPLOITDB text WORKING POC
Joomla! Component Rapid-Recipe - Persistent Cross-Site Scripting